Mobile Security Permissions

zeus.bd
zeus.bd ✭✭✭
edited May 2022 in Mobile Security

Below you will find a full list of permissions Bitdefender Mobile Security requires.


General Mobile Security permissions : the following permission are used across multiple modules and are explained in-line :


  • android.permission.WAKE_LOCK -> used when receiving commands from web-console in order to interpret the command at the time it's received
  • android.permission.INTERNET -> used when communicating with Bitdefender web-services ; licensing ; Web-Security ; Malware Scanner
  • android.permission.GET_ACCOUNTS -> used if the user wants to log-in using his Google Account
  • android.permission.MANAGE_ACCOUNTS -> used if the user wants to log-in using his Google Account
  • android.permission.USE_CREDENTIALS -> used if the user wants to log-in using his Google Account
  • com.android.vending.BILLING -> used for In-app-purchase ; the user must have the latest version of Google Play Store on his device
  • com.google.android.c2dm.permission.RECEIVE / com.google.android.c2dm.permission.SEND / com.google.android.c2dm.intent.REGISTRATION-> used for Anti-theft functionality over web-console
  • android.permission.RECEIVE_BOOT_COMPLETED -> used for keeping services running after boot


Web Security : in order to provide WebSecurity the following permissions are required :


  • com.android.browser.permission.READ_HISTORY_BOOKMARKS
  • com.android.browser.permission.WRITE_HISTORY_BOOKMARKS


Anti-Theft :


General Anti-thef permissions - the following permissions are used in all anti-theft functions and are explained in-line


  • android.permission.WAKE_LOCK -> used when receiving commands from web-console in order to interpret the command at the time it's received
  • android.permission.INTERNET -> used when communicating with Bitdefender web-services
  • android.permission.BIND_DEVICE_ADMIN -> required for all anti-thef modules except GeoLocation


The anti-thef module requires some permissions that might seem intrusive , so to shed a clear light on why they are necessary we'll break them down below.


Web Control


  1. Geolocate : the permissions requested bellow are necessary to get the best possible location


    • android.permission.ACCESS_LOCATION_EXTRA_COMMANDS
    • android.permission.ACCESS_NETWORK_STATE
    • android.permission.ACCESS_WIFI_STATE
    • android.permission.ACCESS_COARSE_LOCATION
    • android.permission.ACCESS_FINE_LOCATION
  2. Remote lock :


    • android.app.action.ACTION_PASSWORD_SUCCEEDED
    • android.permission.BIND_DEVICE_ADMIN
  3. Remote Wipe : only requires device admin to be enabled


SMS Control


  1. SMS Commands : Mobile Security now supports SMS commands. This along brings the need for us to request permissions for reading / writing SMS's. The flow is as follows : Mobile Security has to read a SMS that was received -> parse it in order to identify if it's a legitimate command -> take action according to the command received -> and respond back to the number which issued the command.


  • android.permission.READ_SMS
  • android.permission.WRITE_SMS
  • android.permission.RECEIVE_SMS
  • android.permission.SEND_SMS
  • android.permission.READ_PHONE_STATE
  • android.permission.READ_CONTACTS - > required to access phone contacts when selecting buddy number
  • android.permission.CALL_PHONE -> required when issuing callme command
  • android.permission.BLUETOOTH / android.permission.MODIFY_AUDIO_SETTINGS -> required when issuing answer command
  • android.permission.SYSTEM_ALERT_WINDOW -> required for PIN protection
This discussion has been closed.